Configure a Wireless Router
LAN Switching and Wireless – Chapter 7
ITE I Chapter 6 © 2006 Cisco Systems, Inc. All rights reserved. Cisco Public

Objectives

- Describe the components and operations of basic wireless LAN topologies.
- Describe the components and operations of basic wireless LAN security.
- Configure and verify basic wireless LAN access.
- Configure and troubleshoot wireless client access.

Introducing Wireless LANs

802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional connectivity options. However, additional components and protocols are used to complete wireless connections.

Basic Wireless Technologies

Wireless LAN Standards

802.11 wireless LAN is an IEEE standard that defines how radio frequency (RF) in the unlicensed industrial, scientific, and medical (ISM) frequency bands is used for the Physical layer and the MAC sub-layer of wireless links.

- 802.11
- 802.11b
- 802.11a
- 802.11g
- 802.11n

Comparison of the standards:

- 802.11a: band 5.7 GHz; channels: up to 23; modulation: OFDM; data rates: up to 54 Mbps; pros: fast, less prone to interference; cons: higher cost, shorter range.
- 802.11b: band 2.4 GHz; channels: 3; modulation: DSSS; data rates: up to 11 Mbps; pros: low cost, good range; cons: slow, prone to interference.
- 802.11g: band 2.4 GHz; channels: 3; modulation: DSSS, OFDM; range: ~150 feet or 35 meters; pros: fast, good range, not easily obstructed; cons: prone to interference from appliances operating on 2.4 GHz.
- 802.11n: band unconfirmed, possibly 2.4 and 5 GHz bands; modulation: MIMO-OFDM; range: ~230 feet or 70 meters; pros: very good data rates, improved range.

OFDM and DSSS

OFDM: Short for Orthogonal Frequency Division Multiplexing, an FDM modulation technique for transmitting large amounts of digital data over a radio wave. OFDM works by splitting the radio signal into multiple smaller sub-signals that are then transmitted simultaneously at different frequencies to the receiver.

DSSS: Acronym for direct-sequence spread spectrum. DSSS is a transmission technology used in LAWN transmissions where a data signal at the sending station is combined with a higher data rate bit sequence

Components and Operations of Basic Wireless LAN Topologies

Components of an 802.11-based wireless infrastructure

Comparing WLAN and LAN

Characteristic        802.11 WLAN                                           802.3 Ethernet
Physical Layer        Radio Frequency (RF)                                  Cable
Media Access          Collision Avoidance                                   Collision Detection
Availability          Anyone with a radio NIC in range of an access point   Cable connection required
Signal Interference   Yes                                                   Inconsequential
Regulation            Additional regulation by local authorities            IEEE standard dictates

Standards

Wi-Fi Certification: Wi-Fi certification is provided by the Wi-Fi Alliance (http://www.wi-fi.org), a global, nonprofit, industry trade association devoted to promoting the growth and acceptance of WLANs. Standards ensure interoperability between devices made by different manufacturers.

Internationally, the three key organizations influencing WLAN standards are:
- ITU-R: The ITU-R regulates the allocation of the RF spectrum and satellite orbits.
- IEEE: The IEEE developed and maintains the standards for local and metropolitan area networks with the IEEE 802 LAN/MAN family of standards.
- Wi-Fi Alliance: The Wi-Fi Alliance is an association of vendors whose objective is to improve the interoperability of products that are based on the 802.11 standard by certifying vendors

802.11 Topologies

- Ad hoc: Wireless networks can operate without access points; this is called an ad hoc topology.
- Basic Service Sets: Access points provide an infrastructure that adds services and improves the range for clients.
- Extended Service Sets: When a single BSS provides insufficient RF coverage, one or more can be joined through a common distribution system into an extended service set (ESS).

Client and Access Point Association

A key part of the 802.11 process is discovering a WLAN and subsequently connecting to it. The primary components of this process are as follows:
- Beacons: Frames used by the WLAN network to advertise its presence.
- Probes: Frames used by WLAN clients to find their networks.
- Authentication
- Association: The process for establishing the data link between an access point and a WLAN client.

Wireless Routers

Wireless routers perform the role of access point, Ethernet switch, and router. For example, the Linksys WRT300N used is really three devices in one box. First, there is the wireless access point, which performs the typical functions of an access point. A built-in four-port, full-duplex, 10/100 switch provides connectivity to wired devices. Finally, the router function provides a gateway for connecting to other network infrastructures.

Planning the WLAN

- Position access points above obstructions (barriers).
- Position access points vertically near the ceiling in the center of each coverage area, if possible.
- Position access points in locations where users are expected to be. For example, conference rooms are typically a better location for access points than a hallway.

Network requirements specify that there must be a minimum of 6 Mb/s 802.11b throughput in each BSA, because there is a wireless voice over WLAN implementation overlaid on this network. With access points, 6 Mbps can be achieved in open areas like those on the map, with a coverage area of 5,000 square feet in many environments.

Planning

Threats in Wireless Security

Unauthorized Access: A WLAN is open to anyone within range of an access point and with the appropriate credentials to associate to it. With a wireless NIC and knowledge of cracking techniques, an attacker may not have to physically enter the workplace to gain access to a WLAN. There are three major categories of threat that lead to unauthorized access:
- War drivers (scanners)
- Hackers (crackers)
- Employees

Unauthorized Access: A rogue access point is an access point placed on a WLAN that is used to interfere with normal network operation.

Man-in-the-Middle Attacks:

Denial of Service: A rogue access point is an access point placed on a WLAN that is used to interfere with normal network operation.

Wireless Threats

Man-in-the-middle and DoS

Wireless Security Protocols

Two types of authentication were introduced with the original 802.11 standard: open and shared WEP key authentication.
While open authentication is really "no authentication" (a client requests authentication and the access point grants it), WEP authentication was supposed to provide privacy to a link, making it like a cable connecting a PC to an Ethernet wall-jack.

Basic Wireless LAN Security

Encryption: Two enterprise-level encryption mechanisms specified by 802.11i are certified as WPA and WPA2 by the Wi-Fi Alliance:

- Temporal Key Integrity Protocol (TKIP): TKIP has two primary functions:
  - It encrypts the Layer 2 payload.
  - It carries out a message integrity check (MIC) in the encrypted packet. This helps ensure against a message being tampered with.
- Advanced Encryption Standard (AES): AES has the same functions as TKIP, but it uses additional data from the MAC header that allows destination hosts to recognize if the nonencrypted bits have been tampered with. It also adds a sequence number to the encrypted data header.

Controlling Access to the Wireless LAN

- SSID cloaking: Disable SSID broadcasts from access points.
- MAC address filtering: Tables are manually constructed on the access point to allow or disallow clients based on their physical hardware address.
- WLAN security implementation: WPA or WPA2.

Note: Neither SSID cloaking nor MAC address filtering is considered a valid means of securing a WLAN, for the following reasons:
- MAC addresses are easily spoofed.
- SSIDs are easily discovered even if access points do not broadcast them.
Configuring the Wireless Access Point

Step 1: Verify local wired operation - DHCP and Internet access
Step 2: Install the access point
Step 3: Configure the access point - SSID
Step 4: Install one wireless client
Step 5: Verify wireless network operation
Step 6: Configure wireless security - WPA2 with PSK
Step 7: Verify wireless network operation

AP Configuration

For a basic network setup:
- Setup: Enter your basic network settings (IP address).
- Management: Click the Administration tab and then select the Management screen. The default password is admin. To secure the access point, change the password from its default.
- Wireless: Change the default SSID in the Basic Wireless Settings tab. Select the level of security in the Wireless Security tab and complete the options for the selected security mode.

Configure and Verify Basic Wireless LAN Access

Configure a wireless access point

To configure security, do the following:
- Security Mode
- Encryption
- Pre-shared Key
- Key Renewal

Configuring Wireless NIC

Step 1. On the Microsoft Windows XP toolbar system tray, find the network connection icon.
Step 2. Click the View Wireless Networks button in the dialog box.
Step 3. Observe the wireless networks that your wireless NIC has been able to detect.

Note: If you have a WLAN that is not showing up on the list of networks, you may have disabled SSID broadcast on the access point. If this is the case, you must enter the SSID manually.

Select the Wireless Security Protocol

Step 1. Double-click the network connections icon in the Microsoft Windows XP system tray.
Step 2. Click the Properties button in the Wireless Network Connections Status dialog box.
Step 3. In the Properties dialog box, click the Wireless Networks tab.
Step 4. In the Wireless Networks tab, click the Add button. Also, you can save multiple wireless profiles with different security parameters, allowing you to quickly connect to the WLANs you may use regularly.
Step 5. In the Wireless Network Properties dialog box, enter the SSID of the WLAN you wish to configure.
Step 6. In the Wireless network key box, select your preferred authentication method from the Network Authentication drop-down menu. WPA2 and PSK2 are preferred because of their strength.
Step 7. Select the Data encryption method from the drop-down menu. Recall that AES is a stronger cipher than TKIP, but you should match the configuration from your access point here on your PC.

A Systematic Approach to WLAN Troubleshooting

Step 2 - Confirm the physical status of devices.

If the PC of the user is operational but is performing poorly, check the following:
- How far is the PC from an access point?
- Check for the presence of other devices in the area that operate on the 2.4 GHz band. Examples of other devices are cordless phones, baby monitors, microwave ovens, wireless security systems, and potentially rogue access points.

Note: You may try to install new radio drivers and firmware.

Firmware Upgrade

Step 1. Download the firmware from the web. For a Linksys WRT300N, go to http://www.linksys.com. Click the Select Firmware to Install button in the figure.
Step 2. Extract the firmware file on your computer.
Step 3. Open the web-based utility, and click the Administration tab.
Step 4. Select the Firmware Upgrade tab.
Step 5. Enter the location of the firmware file, or click the Browse button to find the file. Click the Run Firmware Upgrade button in the figure.
Step 6. Click the Start to Upgrade button and follow the instructions.

Site Survey

Manual and utility-assisted. An example of a utility-based survey is AirMagnet.

Additional Details about AP

Some additional specific details concerning access point and antenna placement are as follows:
- Ensure that access points are not mounted closer than 7.9 inches (20 cm) from the body of all persons.
- Do not mount the access point within 3 feet (91.4 cm) of metal obstructions.
- Install the access point away from microwave ovens. Microwave ovens operate on the same frequency as the access point and can cause signal interference.
- Always mount the access point vertically (standing up or hanging down).
- Do not mount the access point outside of buildings.
- Do not mount the access point on building perimeter walls, unless outside coverage is desired.

Summary

Wireless LANs use standards such as:
- IEEE 802.11a
- IEEE 802.11b
- IEEE 802.11g
- IEEE 802.11n

Basic service set: Mobile clients use a single access point for connectivity.
Extended service set: Multiple access points that share an SSID.

WLAN security practices/methods include:
- MAC address filtering
- SSID masking
- Implementing WPA2

Configuration of wireless NIC and access point:
- Configure both of them the same way
  - SSID
- Ensure that the latest firmware is installed
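
The guidance in these slides (change the default management password, prefer WPA2 with AES, do not rely on SSID cloaking or MAC filtering, configure the NIC and the access point the same way) can be checked mechanically. The Python below is an added example, not Cisco or Linksys code: the dictionary field names and sample values are constructed for illustration, and the key derivation is the standard WPA/WPA2-PSK passphrase mapping, which the slides do not spell out.

```python
import hashlib

# Constructed sample settings; the field names are hypothetical, not a router API.
AP = {"ssid": "corp-wlan", "admin_password": "admin", "security_mode": "WPA2-PSK",
      "encryption": "TKIP", "passphrase": "correct horse battery",
      "ssid_broadcast": False, "mac_filter": True}
CLIENT = {"ssid": "corp-wlan", "security_mode": "WPA2-PSK",
          "encryption": "AES", "passphrase": "correct horse batery"}  # typo on purpose


def derive_pmk(passphrase, ssid):
    """Standard WPA/WPA2-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(ap, client):
    """Return findings for one access point and one client profile."""
    findings = []
    if ap["admin_password"] == "admin":
        findings.append("AP: management password is still the default")
    if not ap["security_mode"].startswith("WPA2"):
        findings.append("AP: security mode is not WPA2")
    if ap["encryption"] != "AES":
        findings.append("AP: encryption is not AES")
    # Cloaking and MAC filtering only matter as findings when nothing stronger is set.
    if not ap["security_mode"].startswith("WPA") and (not ap["ssid_broadcast"] or ap["mac_filter"]):
        findings.append("AP: SSID cloaking or MAC filtering is the only access control")
    for field in ("ssid", "security_mode", "encryption"):
        if ap[field] != client[field]:
            findings.append(f"client: {field} does not match the access point")
    try:
        ap_key = derive_pmk(ap["passphrase"], ap["ssid"])
        if ap_key != derive_pmk(client["passphrase"], client["ssid"]):
            findings.append("client: derived key differs from the access point's")
    except ValueError as exc:
        findings.append(f"pre-shared key: {exc}")
    return findings


if __name__ == "__main__":
    for line in audit(AP, CLIENT):
        print(line)
```

Because the SSID is the salt in the derivation, the same passphrase yields a different key on a differently named network, which is one more reason to change the default SSID.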